EP2106191A1 - Procédé pour la mise à jour d'une carte intelligente et carte intelligente dotée d'une capacité de mise à jour - Google Patents

Procédé pour la mise à jour d'une carte intelligente et carte intelligente dotée d'une capacité de mise à jour Download PDF

Info

Publication number
EP2106191A1
EP2106191A1 EP08400015A EP08400015A EP2106191A1 EP 2106191 A1 EP2106191 A1 EP 2106191A1 EP 08400015 A EP08400015 A EP 08400015A EP 08400015 A EP08400015 A EP 08400015A EP 2106191 A1 EP2106191 A1 EP 2106191A1
Authority
EP
European Patent Office
Prior art keywords
smartcard
data
security token
database
mobile terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP08400015A
Other languages
German (de)
English (en)
Other versions
EP2106191B1 (fr
Inventor
Najib Koraichi
Javier Montaner
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vodafone Holding GmbH
Original Assignee
Vodafone Holding GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vodafone Holding GmbH filed Critical Vodafone Holding GmbH
Priority to ES08400015T priority Critical patent/ES2400398T3/es
Priority to EP08400015A priority patent/EP2106191B1/fr
Publication of EP2106191A1 publication Critical patent/EP2106191A1/fr
Application granted granted Critical
Publication of EP2106191B1 publication Critical patent/EP2106191B1/fr
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/77Graphical identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the invention relates to the administration of a smartcard connected to a mobile terminal having access to a mobile communication network. Particularly, the invention relates to the transmission of data to the smartcard.
  • the smartcard may be a user identification module, which is particularly used for identifying and authenticating a mobile user to the mobile communication network.
  • Smartcards are cards containing an embedded integrated circuit for processing information.
  • the embedded circuit comprises a memory for storing data and it can further comprise a microprocessor component for running applications and manipulating data.
  • smartcards are used as user identification modules, which particularly identify and authenticate a mobile user to a mobile communication network.
  • smartcards are used for providing additional services in the mobile communication system, for storing personal data of the mobile user and for storing configuration data of the mobile communication device, for example.
  • GSM Global System for Mobile communication
  • SIM Subscriber Identity Module
  • UMTS Universal System for Mobile Telecommunication
  • UICC Universal System for Mobile Telecommunication
  • USIM Universal Subscriber Identity Module
  • the so-called over the air (OTA) technology allows for updating or changing data and/or applications in the smartcard without having to reissue the card.
  • the OTA technology uses a client/user architecture where at one end there is a backend system and at the other end there is the smartcard.
  • the backend system comprises a database providing the data and an OTA gateway, which is typically operated by the mobile network operator and which sends the data to the smartcard via the mobile communication network.
  • the OTA gateway encrypts the data using a key, which is shared between the OTA gateway and the smartcard.
  • the smartcard decrypts the data using a corresponding decryption key thereby confirming that the data originates from the mobile network operator. If the data cannot be validated successfully, the smartcard denies access to its memory and other functions, and the data cannot be stored in the smartcard.
  • SMS Short Message Service
  • the amount of data usually exceeds the size of one short message and the data is distributed among several short messages, which are sent to the smartcard.
  • downloading a greater amount of data to the smartcard such as, for example, a new or updated application, imposes a relatively huge load to the OTA gateway and the mobile communication network, since the data has to be sent from the OTA gateway to the smartcard via the mobile communication network.
  • the object is achieved by a method comprising the features of claim 1 and by a smartcard comprising the features of claim 15. Embodiments of the method and the smartcard are given in the dependent claims.
  • a method for transferring data to a smartcard connected to a mobile terminal having access to a mobile communication network comprises the steps of:
  • a smartcard for use in a mobile terminal having access to a mobile communication network.
  • the smartcard comprises:
  • the invention involves the idea to divide the download of the data and of a security token for validating the data into two steps.
  • This has the advantage that the security token can be provided in a transmission step being independent from the transmission of the data to the smartcard.
  • the data does not have to be provided by the server providing the security token thereby reducing the load of this server.
  • the security token comprises a security feature and not the data to be downloaded itself, it has a smaller data volume than the data to be downloaded.
  • the data is provided by a database that may be connected to the mobile terminal.
  • the smartcard may comprise a user identification module, particularly a SIM and/or a USIM.
  • the smartcard could be any smartcard connected to a mobile terminal.
  • the connection between the server and the smartcard is established via the mobile terminal.
  • the mobile terminal receives the security token, it forwards the security token to the smartcard, where it is received in the receiving component.
  • the encrypted part of the security token is encrypted using an encryption key securely stored in the server and the encrypted part of the security token is decrypted using a decryption key allocated to the encryption key, the decryption key being securely stored in the smartcard.
  • the authenticity of the security token can be checked by decrypting the encrypted parts of the security token.
  • the security token originates from the server only if its encrypted part can be decrypted using the decryption key allocated to the encryption key used in the server.
  • the security feature comprises a checksum of the data, the checksum being used in the smartcard for validating the integrity of the data.
  • the checksum is an information uniquely derived from the data, such as, for example, a hash function computed using a hash algorithm known to a person skilled in the art. Since the checksum is different, when the data is modified, the checksum allows for validating the integrity of the data. This means that it is checked that the data has not been modified without permission.
  • the checksum may be provided to the server by the database before sending the security token to the mobile terminal and/or the smartcard.
  • the smartcard retrieves the data from the database in response to receiving the security token using information contained in the security token.
  • the smartcard receives the security token at first. Then, the smartcard uses information contained in the security token to retrieve the data from the database. This information may comprise information identifying the data and/or information for addressing the database.
  • the server sends a command to the database in connection with the transmission of the security token to the smartcard, the command instructing of the database to transmit the data to the smartcard.
  • the transmission of the data to the smartcard is initiated by the server in connection with the transmission of the security token to the smartcard.
  • the server may initiate the transmission of the data to the smartcard after having sent the security token to the smartcard.
  • the command for instructing the database to transmit the data to the smartcard may comprise information identifying the data and/or information identifying the smartcard.
  • One embodiment of the method and the smartcard provides that the data is encrypted and wherein the smartcard decrypts the data using a decryption key contained in the security token.
  • This embodiment improves the level of security by providing the data in encrypted form. Particularly, this prevents third parties from seeing the data while they are transmitted to the smartcard.
  • the key used for decrypting the data in the smartcard is provided in the security token. Within the security token, this key may be contained in the encrypted part so that it is protected against access by unauthorized third parties.
  • the smartcard is connected to the database via the mobile terminal, the mobile terminal being connected to the database via the mobile communication network or a data network.
  • a connection between the smartcard and the database is established by the mobile terminal.
  • the mobile terminal is connected to the database via the mobile communication network or via another data network, such as, for example, the Internet.
  • the mobile terminal passes the data to the smartcard.
  • a further embodiment of the method and the smartcard provides that the first communication channel and/or the second communication channel is an SMS channel.
  • SMS is used for transmitting the security token to the smartcard and/or for transmitting the data to the smartcard.
  • the SMS messages are received in the mobile terminal, which forwards the messages to the smartcard connected to the mobile terminal.
  • SMS may be used for transmitting the data to the smartcard, if the mobile terminal and the database are connected to each other via the mobile communication network.
  • the data can be transmitted to the smartcard via a communication channel that is different from the communication channel via which the security token is transmitted to the smartcard. Therefore, in one embodiment of the method and the smartcard, the second communication channel is different from the first communication channel.
  • the second communication channel for transmitting the data to the smartcard may be a communication channel providing high data transfer rates.
  • the second community patient channel may be a GPRS channel (GPRS: General Packet Radio Service) or another data communication channel provided by the network which connects the mobile terminal to the database.
  • GPRS General Packet Radio Service
  • IP Internet protocol
  • the first communication channel for transmitting the security token to the smartcard can be chosen independently from the second communication channel. Owing to the small data volume of the security token the second communication channel can be a communication channel which has a smaller data transfer rate.
  • the database is contained in an adapter module, which is connectable to the smartcard.
  • the adapter module is connected between the mobile terminal and the smartcard.
  • the aforementioned embodiments have the advantage that the data is provided by an adapter module that can be connected directly to the smartcard.
  • the adapter module can be connected between the mobile terminal and the smartcard.
  • it is not necessary to download the data to the smartcard through a data network.
  • authenticity and integrity of the data is guaranteed by means of the security token provided by the server for validating the data.
  • the adapter module is connectable directly to the smartcard, use of the data provided by the adapter module is approved by the server and by means of the security token.
  • the data is provided on a screen connected to the database and acquired by means of a camera sensor provided by the mobile terminal and wherein the mobile terminal passes the acquired data to the smartcard.
  • the mobile terminal comprises a camera sensor for acquiring the data, which is provided on a screen.
  • a camera sensor for acquiring the data, which is provided on a screen.
  • the data does not have to be downloaded to the smartcard via a data network.
  • this embodiment can make use of the fact, that mobile terminals, such as, for example, mobile phones or PDAs (Personal Data Assistants), often comprise a camera sensor as a standard feature.
  • the data is provided on the screen in a coded form, particularly as a barcode.
  • the barcode may be a two-dimensional barcode or a three-dimensional barcode, for example.
  • a computer program is provided.
  • the computer program is loadable into the internal memory of a digital computer and comprises software code portions for performing the steps of a method of the type described before when the computer program is run on a computer.
  • a system comprising a smartcard of the type described before. Moreover, the system comprises a server connected to the mobile communication network for transmitting the security token to the smartcard and a database connectable to the smartcard for transmitting the data to the smartcard.
  • Fig. 1 schematically depicts a mobile communication system comprising a mobile terminal 100, such as, for example, a cellular phone, a PDA (Personal Data Assistant) or the like, which is wirelessly connected to a PLMN (Public Land Mobile Network) 102 via a radio access network 104.
  • the PLMN 102 is the core network of the mobile communication system operated by a mobile network operator and may be configured according to the GSM standard or according to the UMTS standard, for example.
  • the radio access network 104 may be configured as a GERAN (GSM Edge Radio Access Network) according to the GSM standard or as an UTRAN (Universal Terrestrial Radio Access Network) according to the UMTS standard, for example.
  • GSM Edge Radio Access Network GSM Edge Radio Access Network
  • UTRAN Universal Terrestrial Radio Access Network
  • the mobile terminal 100 comprises a radio interface 115 for connecting the mobile terminal 100 to the PLMN 102 via the radio access network 104.
  • the mobile user can operate the mobile terminal 100 by means an input component 116, such as, for example, a keyboard, and a display component 117.
  • the operation of the mobile terminal 100 is controlled by a processor unit 118, which is connected to a memory 119 unit for storing applications that can be run on the processor unit 118 and for storing user and configuration data, which are accessed during the operation of the mobile terminal 100.
  • the reference numeral 130 refers to a camera sensor, which is an optional component of the mobile terminal 100.
  • the mobile terminal 100 is connected to a smartcard 106.
  • the card reader unit 120 is usually arranged within a battery compartment of the mobile terminal 200, which is accessible by the mobile user.
  • the smartcard 106 contains a user identification module that provides information and functions for using the mobile terminal 100 in the mobile communication system.
  • the smartcard 106 particularly provides information for identifying and authenticating the mobile user in the PLMN 102.
  • the user identification module may be configured as a SIM according to the GSM standard or as a USIM according to the UMTS standard.
  • the smartcard 106 comprises a microprocessor unit 121 and a memory 122 for storing program codes run on the microprocessor 121 and data used in the operation of the smartcard 106.
  • the data stored in smartcard 106 can be read out and manipulated using commands provided by the smartcard 106.
  • a manipulation of the data may comprise modifying, deleting or adding data.
  • Further commands are provided for accessing and executing the program code of applications stored in the smartcard 106.
  • applications may be managed while the smartcard 106 is in use of the mobile user. This means that the smartcard 106 provides commands for loading, installing, removing, locking and unlocking applications.
  • the commands provided by the smartcard 106 can be externally accessed, particularly from the mobile terminal 100.
  • the smartcard 106 is able to access functions of the mobile terminal 100 using proactive commands.
  • the proactive commands and commands for accessing the smartcard 106 may be provided by the so-called SIM Application Toolkit (SAT) or by the USIM Application Toolkit (USAT) both of which are specified in the document TS 31.111 of the 3GPP.
  • SAT SIM Application Toolkit
  • USAT USIM Application Toolkit
  • U USAT
  • an OTA mechanism is enabled, which means that a connection can be established between the smartcard 106 and a background system.
  • This allows for a management of data and/or applications stored in the smartcard 106 from an external site.
  • the mechanism In case of managing files the mechanism is referred to as remote file management (RFM) and in case of managing applications the mechanism is referred to as remote application management (RAM).
  • RFM and RAM a predefined set of commands of the smartcard 106 can be accessed from the external site. This may be the set of commands specified in the document TS 23.048 of the 3GPP.
  • RFM and RAM allow for updating data stored in the smartcard 106 and for updating existing applications or downloading new applications to the smartcard 106 without having to reissue the smartcard 106.
  • the remote management of the smartcard 106 is only allowed to the card issuer or has to be authorized by the card issuer, which is the operator of the PLMN 102 the mobile user has subscribed to. This prevents unauthorized third parties from accessing sensitive data stored in the smartcard 106 and from making fraudulent use thereof.
  • an OTA server 108 is provided in the PLMN 102 that authorizes accesses to the smartcard 106.
  • the OTA server 108 is under control of the mobile network operator. This means that only the mobile network operator is allowed to administrate the OTA server 108 and that the OTA server 108 is secured against access by third parties.
  • the smartcard 106 comprises a receiving component 201 corresponding to an interface for receiving data from an external source, such as, for example, the mobile terminal 100.
  • the receiving component 201 is connected to a decryption component 202 for decrypting information received from the OTA server 108 and to a validation component 203 adapted to validate data downloaded to the smartcard 106 using cryptographic information received from the OTA server 108.
  • the components 201, 202, 203 of the smartcard 106 are software modules. Their program code is stored in the memory 122 and run on the microprocessor 121 of the smartcard 106.
  • the mobile network operator Before issuing the smartcard 106 to the mobile user, the mobile network operator generates one or more OTA keys, which are shared between the OTA server 108 and the smartcard 106. Preferably, there exist unique OTA keys for every smartcard 106 issued by the mobile network operator. For one smartcard 106 the OTA keys comprise one key for encrypting information which is used by the OTA server 108 and one key for decrypting the information. The decryption key is stored securely in the memory 122 of the smartcard 106 and can be accessed by the decryption component 202, when decrypting cryptographic information provided by the OTA server 108.
  • symmetric encryption is applied, where the same key is used for encrypting and decrypting data.
  • Both the OTA server 108 and the smartcard 106 store the key, which is used by the OTA server 108 for encrypting information and by the smartcard 106 for decrypting information encrypted by the OTA server 108.
  • asymmetric encryption is applied, where a key pair is provided comprising an encryption key and an allocated decryption key, which is different from the encryption key.
  • a database 110 which may be operated by the mobile network operator or by a third party.
  • the smartcard 106 may be connected to the database 110 via the PLMN 102 or via another data connection.
  • a checksum of the data is calculated and provided to the OTA server 108 and stored therein.
  • the checksum is an information uniquely derived from the program code, such as, for example, a hash function computed using a hash algorithm known to a person skilled in the art.
  • an ID identifying the data.
  • the ID is shared between the OTA server 108 and the database 110.
  • the ID is an alphanumeric string, which is assigned uniquely to the application or data.
  • the OTA server 108 Upon a corresponding request the OTA server 108 generates a security token.
  • the security token comprises the checksum and the application ID of the application to be downloaded.
  • the OTA server 108 After having generated the security token the OTA server 108 encrypts the security token using the encryption key described before. Then, the OTA server 108 sends the security token to the smartcard 106.
  • the OTA server 108 For transmitting the security token to the smart card, the OTA server 108 sends a message containing the security token to the mobile terminal 100 via predefined communication channel and the mobile terminal 100 forwards the message to the smartcard 106.
  • SMS-C SMS service centre
  • BIP bearer independent protocol
  • the receiving component 201 receives the message containing the security token and recognizes the security token based on a predefined feature of the message.
  • the feature may be a predefined keyword in the header of the message.
  • the receiving component 201 passes the security token to the decryption component 202.
  • the decryption component 202 decrypts the security token using the aforementioned decryption key. If the decryption is successful, the decryption component 202 recognizes a valid security token issued by the OTA server 108 and passes it to the validation component 203. The successful decryption may be confirmed by an answer message generated by the decryption component 202, which is sent to the OTA server 108. If the security token cannot be decrypted successfully using the predefined decryption key, the security token is not recognized as valid. The reason for the invalidity may be that the security token was sent by an unauthorized third party that does not possess the valid encryption key or that an error occurred during the generation and/or the transmission of the security token from the OTA server 108 to the smartcard 106.
  • the smartcard 106 may generate an error message to be sent to the OTA server 108, when a security token was received that has not been recognized as valid. This allows the OTA server 108 to regenerate and resend the security token to the smartcard 106.
  • the answer message and the error message are sent from the mobile terminal 100 to the OTA server 108 through the mobile communication system using a predefined communication channel, such as, for example, the SMS channel.
  • a predefined communication channel such as, for example, the SMS channel.
  • the smartcard 106 may use proactive (U)SAT commands.
  • the program code of the application to be downloaded to the smartcard 106 is transmitted from the database 110 to the smartcard 106, where it is received in the receiving component 201.
  • the receiving component 201 recognizes the program code and passes it to the validation component 203.
  • the received data comprises the ID of the application that is also passed to the validation component 203.
  • Processing of the program code in the validation component 203 comprises comparing the application ID with the application ID in the security token in order to validate that the correct application has been received.
  • the validation component 203 validates the integrity of the application by re-computing the checksum and comparing the result of the computation with the checksum contained in the security token. If both checksums match, the validation component 203 approves the program code for installation in the smartcard 106. Otherwise, the validation component 203 inhibits the installation of the program code. In this case, the validation component 203 may generate a corresponding error message, which is sent to the database or to the OTA server 108.
  • an encrypted version of the program code may be transmitted from the database 110 to the smartcard 106. This prevents third parties from seeing the program code during the transmission from the database 110 to the smartcard 106.
  • the decryption key for decrypting the program code is shared between the database 110 and the OTA server 108 and provided to the smartcard within the security token.
  • the decryption of the program code may be made in the validation component 203 of the smartcard 106 when checking the integrity of the program code, or in the decryption component 202.
  • the checksum may either be calculated on the basis of the plain program code or on the basis of the encrypted program code. In the latter case, the validation component 203 calculates the checksum before decrypting the program code, while in the first case it calculates the checksum after decrypting the program code.
  • the process of downloading the application is also depicted schematically in figure 3 .
  • the download of the application is initiated by the mobile user.
  • the mobile user controls the mobile terminal 100 to send a request message to the database 110 in step 301.
  • the database 110 informs the OTA server 108 about the request of the mobile user in step 302. This may be done by sending a message from the database 110 sent to the OTA server 108 specifying the application ID.
  • an identification code of the mobile user may be given in the message, and thereby identifying the smartcard 106 to which the application is to be downloaded.
  • the OTA server 108 After having received the message from the database 110 the OTA server 108 generates the security token in step 303, if it has not been generated beforehand. Then, the security token is sent from the OTA server 108 to the smartcard 106 in a way described before.
  • the OTA server 108 after having transmitted the security token to the smartcard 106 the OTA server 108 sends a command to the database 110 in step 305a, which initiates the transmission of the program code from the database 112 to the smartcard 106 in step 306.
  • the command for initiating the transmission may be sent from the smartcard 106 to the database 110 after the security token has been received in the smartcard 106. In figure 3 , this is depicted as step 305b.
  • the command comprises the application ID and the user ID, thereby identifying the desired application and the smartcard 106 to which the application is downloaded.
  • the integrity of the program code is checked in the smartcard 106 in step 307 as described before.
  • the security token used for the integrity check is being decrypted and validated in the smartcard 106 in the aforementioned way.
  • FIG. 1 For embodiments described before in that it is not the mobile user but the OTA server 108 who initiates the download by sending a corresponding request to the database 110.
  • This allows the mobile network operator to initiate the download and to specify smartcards 106 to which the application is to be downloaded. The mobile network operator may use this option, when he wants to update certain smartcards 106 with a new application or a new version of an already existing application.
  • step 301 of figure 3 the request for downloading the application is not addressed to the database 110 but to the OTA server 108.
  • step 302 in which the database informs the OTA server 108 about the download request is omitted.
  • the program code of the application is transmitted from the database 110 to the smartcard 106 at first.
  • the program code of the application is temporarily stored in the memory 122 until it is validated.
  • the transmission of the security token from the OTA server 108 to the smartcard 106 may be initiated by the database 110, when the database 110 transmits the program code of the application to the smartcard 106.
  • the database 110 sends a message to the OTA server specifying the application and the smartcard 106 by giving the application ID and the user ID of the mobile user.
  • the smartcard 106 may retrieve the security token from the OTA server 108 after having received the program code of the application. For retrieving the security token, the smartcard 106 sends a message to the OTA server 108 via the mobile communication system again containing the application ID and the user ID.
  • the communication channel used for transmitting the program code to the smartcard 106 depends on the type of connection between the smartcard 106 and the database 110.
  • any type of connection between a smartcard 106 and database 110 known to a skilled person and corresponding communication channels can be used.
  • several advantageous connection types are described by way of example.
  • the database 110 is connected to the PLMN 102.
  • the database 110 may be connected directly to the PLMN 102, or it may be connected to the PLMN 102 via another network.
  • the program code is transmitted from the database 110 to the mobile terminal 100 via the PLMN 102 and the mobile terminal 100 forwards the program code to the smartcard 106.
  • the communication between the PLMN 102 and the mobile terminal 100 can use any communication channel provided in the mobile communication system for data exchange.
  • the program code may be transmitted to the mobile terminal 100 via the SMS channel. If the data volume of the program code exceeds one single SMS message, the program code is distributed among a plurality of concatenated SMS messages.
  • the concatenated SMS messages are forwarded to the smartcard 106 in the order in which they are received in the mobile terminal 100.
  • the smartcard 106 buffers messages and determines their original order based on features contained in the messages. Then, the smartcard 106 joins the messages and processes the resulting message in the validation component as described before.
  • the program code can also be transmitted via the GPRS or HSDPA channel of the mobile communication system using the bearer independent protocol (BIP).
  • BIP bearer independent protocol
  • the smartcard 106 is also connected to the database 110 through the mobile terminal 100 that receives the program code in the first instance and forwards it to the smartcard 106.
  • the database 110 and the mobile terminal 100 are connected via a data network to which the mobile terminal 100 is connected via a certain access point.
  • the data network may be the Internet, for example.
  • the access point may be WLAN access point and the mobile terminal is connected to the access point via a WLAN (Wireless Local Area Network) connection.
  • WLAN Wireless Local Area Network
  • Other wireless connection technologies such as, for example, Bluetooth, ZigBee or NFC (Near Field Communication), may likewise be used for connecting the mobile terminal 100 to the access point.
  • the access point is a PC (Personal Computer) having access to the data network.
  • the mobile terminal 100 is connected to the PC through a USB connection, for example.
  • the mobile terminal 100 could also be connected to the database directly in the same way, as it can be connected to the access point in the architecture described before.
  • the database 110 may be included in a PC, for example.
  • Another type of communication channel for transmitting the program code to the mobile terminal 100 is an optical communication channel.
  • This method for transferring the data to the mobile terminal 100 makes use of the fact, that today's mobile terminals 100 are often equipped with camera sensors 130 for taking pictures or for video telephony.
  • the program code may be transformed into a two-dimensional or three-dimensional barcode that is depicted on a screen.
  • the screen is contained in device to which the program code can be transmitted from the database 110 in a suitably way.
  • This device may be a television device, a PC or another mobile terminal of the same type as the mobile terminal 100 containing the smartcard 106, for example.
  • the barcode on the screen is detected by means of the camera sensor 130 included in the mobile terminal 100 and passed to an application for interpreting the applied barcode, which may be run on the processor of the mobile terminal 100. After having extracted the program code from the barcode it is forwarded to the receiving device of the smartcard 106, which passes it to the validation component in order to process the program code in the way described before.
  • the smartcard 106 is connected directly to the database 110. This means that the connection between the smartcard 106 and the database 110 is not established via the mobile terminal 100 or a data network.
  • this is achieved by transferring the program code to the smartcard 106 using an external card reader, which is included in a device having access to the database 110 via a data connection.
  • the data connection can be a direct connection or a connection via a data network.
  • the adapter module 401 is connected between the card reader unit 120 of the mobile terminal 100 and the smartcard 106 as depicted in figure 4 .
  • the adapter module 401 may be configured as a passive device, which is not engaged in the communication between the mobile terminal 100 and the smartcard 106.
  • the adapter module 401 may have functionalities for modifying messages that are exchanged between the mobile terminal 100 and smartcard 106.
  • the adapter module 401 For connecting the adapter module 401 between the mobile terminal 100 and the smartcard 106, the adapter module 401 comprises a contacting element 402, which can be inserted into the card reader unit 120 of the mobile terminal 100 and which includes electric contacts for contacting contact elements of the card reader unit 120. Further electrical contacts 403 are provided for contacting electric contacts 404 of the smartcard 106. Moreover, the adapter module 401 comprises a microprocessor 405 and a memory unit 406. The microprocessor 405 is capable of communicating with the smartcard 106 and the mobile terminal 100 using a predefined communication protocol. This may be the same communication protocol used for the communication between the mobile terminal 100 and smartcard 106. As one of the electric contacts of the card reader unit 120 of the mobile terminal 100 acts as a power supply for the smartcard 106, the microprocessor 405 can be supplied with power via this electric contact.
  • the adapter module 401 comprises a thin contacting element, which has essentially the same shape as the smartcard 106 and which can be inserted into the card reader unit 120 of the mobile terminal 100 between the electric contacts of the card reader unit 120 and the smartcard 106.
  • the contacting element comprises contact elements 402 for contacting the contact elements 404 of the smartcard 106 and on the opposite surface, contact elements 402 are arranged for contacting the contact elements of the card reader unit 120.
  • the contact elements 402, 403 are connected to the microprocessor of the adapter module 401.
  • the microprocessor 405 and the memory unit 406 of the adapter module 401 may be mounted on a circuit board, which is connected to the contacting element by means of a flexible wire, thereby allowing placing the circuit board into the battery compartment of the mobile terminal 100 together with the battery.
  • the microprocessor 405 and the memory unit 406 may be included in a chip that is mounted on the contacting element.
  • the smartcard 106 is provided with a cutting for accepting the chip.
  • the adapter module 401 comprises a contacting element 402 that has essentially the same shape and thickness as the smartcard 106 and that can be inserted into the card reader unit 120 of the mobile terminal 100 to contact the contact elements of the card reader unit 120.
  • the contacting element 402 is connected to a circuit board via one or more flexible wires.
  • the microprocessor 405 and the memory unit 406 are mounted on the circuit board and, in addition, the circuit board comprises a further card reader unit connected to the microprocessor 405 for receiving the smartcard 106.
  • the circuit board may be thin enough to place it into the battery compartment of the mobile terminal 100, when the smartcard 106 is inserted into the card reader unit 120.
  • the adapter module 401 updates can be provided by means of an additional device the mobile user inserts into his mobile terminal 100. Particularly, this improves the faith of such mobile users that suspect an online data transfer from a remote location. Nonetheless, the smartcard 106 stays under control of the mobile network operator, since the security token has to be provided by the OTA server 108 in order to validate the application provided by the adapter module 401 before installation.
  • the adapter module 401 For controlling the download of an application to the smartcard 106 the adapter module 401 preferably provides a graphical user interface, such as, for example, a selection menu, at the display unit 117 of the mobile terminal 100, which allows the user to select the application to be downloaded to the smartcard 106.
  • the adapter module 401 controls the mobile terminal 100 to provide the graphical user interface using (U)SAT commands, for example. After the user has selected the desired application using the graphical user interface the process of downloading the application to the smartcard 106 is initiated.
  • the adapter module 401 sends the program code of the application to the smartcard 106. Moreover, it may generate a request message for requesting the security token and controls the mobile terminal 100 to send the request message to the OTA server 108. Then, the security token allocated to the selected application is transmitted from the OTA server 108 to the smartcard 106 in the way described before.
  • the validation component validates the program code and allows its installation, if the validation is successful.
  • the word “comprising” does not exclude other elements or steps, and the indefinite article “a” or “an” does not exclude a plurality.
  • a single processor or other unit may fulfill the functions of several items recited in the claims.
  • a computer program may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems. Any reference signs in the claims should not be construed as limiting the scope.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)
EP08400015A 2008-03-28 2008-03-28 Procédé pour la mise à jour d'une carte intelligente et carte intelligente dotée d'une capacité de mise à jour Active EP2106191B1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
ES08400015T ES2400398T3 (es) 2008-03-28 2008-03-28 Procedimiento para actualizar una tarjeta inteligente y tarjeta inteligente con capacidad de actualización
EP08400015A EP2106191B1 (fr) 2008-03-28 2008-03-28 Procédé pour la mise à jour d'une carte intelligente et carte intelligente dotée d'une capacité de mise à jour

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP08400015A EP2106191B1 (fr) 2008-03-28 2008-03-28 Procédé pour la mise à jour d'une carte intelligente et carte intelligente dotée d'une capacité de mise à jour

Publications (2)

Publication Number Publication Date
EP2106191A1 true EP2106191A1 (fr) 2009-09-30
EP2106191B1 EP2106191B1 (fr) 2012-12-26

Family

ID=39764725

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08400015A Active EP2106191B1 (fr) 2008-03-28 2008-03-28 Procédé pour la mise à jour d'une carte intelligente et carte intelligente dotée d'une capacité de mise à jour

Country Status (2)

Country Link
EP (1) EP2106191B1 (fr)
ES (1) ES2400398T3 (fr)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102011007534A1 (de) * 2011-04-15 2012-10-18 Vodafone Holding Gmbh Datenübermittlung zu einem Identifizierungsmodul in einem Mobilfunkendgerät
WO2012177200A1 (fr) * 2011-06-23 2012-12-27 Telefonaktiebolaget L M Ericsson (Publ) Mise à disposition d'informations en réseau dans un module d'authentification d'identité d'abonné
WO2012130461A3 (fr) * 2011-03-31 2013-01-24 Giesecke & Devrient Gmbh Actualisation d'une application de support de données
EP2566207A1 (fr) * 2011-09-05 2013-03-06 Morpho Cards GmbH Réseau informatique, dispositif de téléphone mobile et programme informatique pour écrire des fichiers cryptés sur une carte d'accès de télécommunication
EP2575036A1 (fr) * 2011-09-30 2013-04-03 Gemalto SA Procédé pour traiter des données d'application et premier dispositif correspondant
WO2013049213A1 (fr) * 2011-09-26 2013-04-04 Cubic Corporation Point de vente personnel
JP2015501572A (ja) * 2011-10-12 2015-01-15 テクノロジー・ビジネス・マネジメント・リミテッド セキュアid認証のためのシステム
US9473295B2 (en) 2011-09-26 2016-10-18 Cubic Corporation Virtual transportation point of sale
WO2016200727A1 (fr) * 2015-06-09 2016-12-15 Pure Storage, Inc. Systèmes et procédés pour l'auto-configuration d'un système
FR3038176A1 (fr) * 2015-06-26 2016-12-30 Oberthur Technologies Fourniture et gestion de profils sur un element securise, element securise et serveur associes
US9832649B1 (en) 2011-10-12 2017-11-28 Technology Business Management, Limted Secure ID authentication
US10019704B2 (en) 2011-09-26 2018-07-10 Cubic Corporation Personal point of sale
CN114978573A (zh) * 2022-03-30 2022-08-30 潍柴动力股份有限公司 Ota数据的加密方法、装置以及系统

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2610826A1 (fr) * 2011-12-29 2013-07-03 Gemalto SA Procédé de déclenchement d'une session OTA

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0798673A1 (fr) 1996-03-29 1997-10-01 Koninklijke KPN N.V. Méthode pour transférer des commandes dans une carte à circuit intégré
WO2002071727A2 (fr) * 2001-03-05 2002-09-12 Quasar Communication Systems Ltd. Extension de protocole pour telephones cellulaires
KR20070001309A (ko) * 2005-06-29 2007-01-04 주식회사 팬택 2차원 바코드를 이용한 데이터 다운로드 방법
WO2008035183A2 (fr) 2006-09-20 2008-03-27 Gemalto S.A. Procédé, serveur et sation mobile pour le transfert de données depuis un serveur vers une station mobile

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI112418B (fi) * 2000-02-01 2003-11-28 Nokia Corp Menetelmä datan eheyden tarkastamiseksi, järjestelmä ja matkaviestin
WO2006106270A1 (fr) * 2005-04-07 2006-10-12 France Telecom Procede et dispositif de securite pour la gestion d'acces a des contenus multimedias

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0798673A1 (fr) 1996-03-29 1997-10-01 Koninklijke KPN N.V. Méthode pour transférer des commandes dans une carte à circuit intégré
WO2002071727A2 (fr) * 2001-03-05 2002-09-12 Quasar Communication Systems Ltd. Extension de protocole pour telephones cellulaires
KR20070001309A (ko) * 2005-06-29 2007-01-04 주식회사 팬택 2차원 바코드를 이용한 데이터 다운로드 방법
WO2008035183A2 (fr) 2006-09-20 2008-03-27 Gemalto S.A. Procédé, serveur et sation mobile pour le transfert de données depuis un serveur vers une station mobile

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012130461A3 (fr) * 2011-03-31 2013-01-24 Giesecke & Devrient Gmbh Actualisation d'une application de support de données
US9348575B2 (en) 2011-03-31 2016-05-24 Giesecke & Devrient Gmbh Update of a data-carrier application
DE102011007534A1 (de) * 2011-04-15 2012-10-18 Vodafone Holding Gmbh Datenübermittlung zu einem Identifizierungsmodul in einem Mobilfunkendgerät
WO2012140101A1 (fr) * 2011-04-15 2012-10-18 Vodafone Holding Gmbh Procédé et système de transmission de données à un module d'identification dans un terminal de radiotéléphonie mobile
WO2012177200A1 (fr) * 2011-06-23 2012-12-27 Telefonaktiebolaget L M Ericsson (Publ) Mise à disposition d'informations en réseau dans un module d'authentification d'identité d'abonné
US9743270B2 (en) 2011-06-23 2017-08-22 Telefonaktiebolaget L M Ericsson (Publ) Provisioning of network information into a subscriber identity module
EP2566207A1 (fr) * 2011-09-05 2013-03-06 Morpho Cards GmbH Réseau informatique, dispositif de téléphone mobile et programme informatique pour écrire des fichiers cryptés sur une carte d'accès de télécommunication
US9312923B2 (en) 2011-09-26 2016-04-12 Cubic Corporation Personal point of sale
US9083486B2 (en) 2011-09-26 2015-07-14 Cubic Corporation Personal point of sale
WO2013049213A1 (fr) * 2011-09-26 2013-04-04 Cubic Corporation Point de vente personnel
US9473295B2 (en) 2011-09-26 2016-10-18 Cubic Corporation Virtual transportation point of sale
US10019704B2 (en) 2011-09-26 2018-07-10 Cubic Corporation Personal point of sale
WO2013045647A1 (fr) * 2011-09-30 2013-04-04 Gemalto Sa Procédé de traitement de données d'application et premier dispositif correspondant
EP2575036A1 (fr) * 2011-09-30 2013-04-03 Gemalto SA Procédé pour traiter des données d'application et premier dispositif correspondant
JP2015501572A (ja) * 2011-10-12 2015-01-15 テクノロジー・ビジネス・マネジメント・リミテッド セキュアid認証のためのシステム
US9832649B1 (en) 2011-10-12 2017-11-28 Technology Business Management, Limted Secure ID authentication
WO2016200727A1 (fr) * 2015-06-09 2016-12-15 Pure Storage, Inc. Systèmes et procédés pour l'auto-configuration d'un système
FR3038176A1 (fr) * 2015-06-26 2016-12-30 Oberthur Technologies Fourniture et gestion de profils sur un element securise, element securise et serveur associes
CN114978573A (zh) * 2022-03-30 2022-08-30 潍柴动力股份有限公司 Ota数据的加密方法、装置以及系统
CN114978573B (zh) * 2022-03-30 2024-02-20 潍柴动力股份有限公司 Ota数据的加密方法、装置以及系统

Also Published As

Publication number Publication date
EP2106191B1 (fr) 2012-12-26
ES2400398T3 (es) 2013-04-09

Similar Documents

Publication Publication Date Title
EP2106191B1 (fr) Procédé pour la mise à jour d'une carte intelligente et carte intelligente dotée d'une capacité de mise à jour
KR100451557B1 (ko) 무선 응용 프로토콜에 기반을 둔 안전한 세션 설정
US10242210B2 (en) Method for managing content on a secure element connected to an equipment
JP5189066B2 (ja) 端末装置におけるユーザ認証方法、認証システム、端末装置及び認証装置
CN107534856A (zh) 用于在无线通信系统中管理终端的简档的方法和装置
EP2381386A1 (fr) Procede pour faciliter et authentifier des transactions
US20090305673A1 (en) Secure short message service (sms) communications
KR20160003992A (ko) eUICC(embedded Universal Integrated Circuit Card)를 위한 프로파일 설치 방법 및 장치
JP2013232986A (ja) 移動端末の近接通信モジュールへのセキュアなアクセスを保障する方法
WO2004068782A1 (fr) Procede et systeme pour identifier l'identite d'un utilisateur
EP1680940B1 (fr) Procede permettant d'authentifier un utilisateur
CN112020716A (zh) 远程生物特征识别
US11139962B2 (en) Method, chip, device and system for authenticating a set of at least two users
EP4057661A1 (fr) Système, module, circuits et procédé
EP2175674B1 (fr) Procédé et système pour l'appairage de dispositifs
US20220408252A1 (en) Method for authenticating a user on a network slice
US8464941B2 (en) Method and terminal for providing controlled access to a memory card
EP1715437A2 (fr) Contrôle d'accès à des données
US9648495B2 (en) Method and device for transmitting a verification request to an identification module
US20140040988A1 (en) Method and System for Data Communication to an Identification Module in a Mobile Radio Terminal
EP2106098B1 (fr) Sauvegarde distante de données stockées dans un dispositif de communications mobiles
EP3024194A1 (fr) Méthode pour accéder à un service, et système, dispositif et serveur correspondants

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

17P Request for examination filed

Effective date: 20100315

17Q First examination report despatched

Effective date: 20100409

AKX Designation fees paid

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602008021121

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: H04W0088020000

Ipc: H04L0029060000

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 29/06 20060101AFI20120424BHEP

Ipc: H04W 12/10 20090101ALI20120424BHEP

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 590969

Country of ref document: AT

Kind code of ref document: T

Effective date: 20130115

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602008021121

Country of ref document: DE

Effective date: 20130228

REG Reference to a national code

Ref country code: ES

Ref legal event code: FG2A

Ref document number: 2400398

Country of ref document: ES

Kind code of ref document: T3

Effective date: 20130409

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130326

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 590969

Country of ref document: AT

Kind code of ref document: T

Effective date: 20121226

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

REG Reference to a national code

Ref country code: NL

Ref legal event code: VDEP

Effective date: 20121226

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130327

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130326

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: BE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130426

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130426

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

Ref country code: MC

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20130331

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

26N No opposition filed

Effective date: 20130927

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602008021121

Country of ref document: DE

Effective date: 20130927

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20130328

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20130331

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20130331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20121226

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20130328

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20080328

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 9

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 10

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 11

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602008021121

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: H04L0029060000

Ipc: H04L0065000000

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20240320

Year of fee payment: 17

Ref country code: GB

Payment date: 20240320

Year of fee payment: 17

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IT

Payment date: 20240329

Year of fee payment: 17

Ref country code: FR

Payment date: 20240322

Year of fee payment: 17

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: ES

Payment date: 20240426

Year of fee payment: 17